← Back to docs

Tools follow a handler pattern where each tool defines a name, description, JSON-schema parameters, and a handle() implementation. Tool availability is controlled by the active capability profile.

File inspection tools

These tools are always available regardless of profile.

read

Read file contents with optional line ranges.

ParameterTypeDescription
pathstringFile path (required)
start_lineintegerFirst line to read
end_lineintegerLast line to read

Returns line-numbered content. Blocks binary files. Defaults to 500 lines max, truncating lines longer than 500 characters.

grep

Search file contents using ripgrep.

ParameterTypeDescription
patternstringSearch pattern (required)
pathstringFile or directory to search
globstringFile glob filter
ignore_casebooleanCase-insensitive matching
context_linesintegerLines of context around matches
max_matchesintegerMaximum results (default: 100)

Automatically skips .git, node_modules, __pycache__, and .venv directories.

glob

Find files by glob pattern.

ParameterTypeDescription
patternstringGlob pattern (required)
pathstringBase directory
max_resultsintegerMaximum results (default: 100)

list

List directory contents as a flat listing or recursive tree.

ParameterTypeDescription
pathstringDirectory path (required)
show_hiddenbooleanInclude hidden files
recursivebooleanRecursive tree view
max_depthintegerMaximum tree depth

Flat mode shows permissions, size, mtime, and name. Recursive mode shows a tree structure. Defaults to 200 entries max.

read_excel

Read and inspect Excel files (.xlsx, .xls).

ParameterTypeDescription
pathstringExcel file path (required)
actionstringlist_sheets, read_sheet, or get_info
sheetstringSheet name or index
start_rowintegerFirst row to read
end_rowintegerLast row to read
show_hiddenbooleanInclude hidden rows/columns

Returns tab-delimited data or sheet metadata. Defaults to 500 rows max.

Shell tool

bash

Execute shell commands. Behavior depends on the profile’s shell mode.

ParameterTypeDescription
commandstringShell command to execute (required)
working_dirstringWorking directory override
timeoutintegerTimeout in seconds

Restricted mode (readonly profile): Only allowlisted commands are permitted. The allowlist includes read-only commands like cat, grep, find, ls, head, tail, wc, jq, git log, git diff, git show, ps, df, du, env, curl, and similar inspection tools. Redirects (>, >>) and destructive commands (rm, mv, chmod, kill, sudo) are blocked.

Unrestricted mode (developer and eval profiles): Any command is allowed.

Returns JSON with output, exit_code, and duration_seconds.

File edit tools

Available when the profile’s file_write mode is create-only or full.

write

Create or overwrite files.

ParameterTypeDescription
pathstringFile path (required)
contentstringFile content (required)

Create-only mode: Can only create new files. Blocks overwrites and writes to sensitive paths (.bashrc, .ssh/, .aws/, /etc/, /usr/).

Full mode: Unrestricted write access.

edit

Surgical file edits via search-and-replace.

ParameterTypeDescription
pathstringFile path (required)
old_stringstringText to find (required)
new_stringstringReplacement text (required)

Requires a unique match to prevent accidental changes. Uses a three-stage matching strategy:

  1. Exact match — literal string comparison
  2. Whitespace-normalized — matches ignoring whitespace differences
  3. Indentation-flexible — matches with different indentation while preserving relative indentation in the replacement

Database tools

Database tools share a common interface. All support query, list_tables, describe, and export_query operations. By default, only SELECT queries are allowed. Mutation queries (INSERT, UPDATE, DELETE, DROP, CREATE, ALTER, TRUNCATE) require the eval profile.

ParameterTypeDescription
databasestringDatabase alias (for multi-database configs)
operationstringquery, list_tables, describe, or export_query
sqlstringSQL query (for query and export_query)
table_patternstringFilter pattern for list_tables
table_namestringTable name for describe
output_pathstringCSV output path for export_query

Query results are formatted as ASCII tables with a default limit of 100 rows.

sqlite

Configured via SQLITE_DB environment variable. Supports multiple databases as a comma-separated list.

postgres

Configured via POSTGRES_HOST, POSTGRES_DATABASE, POSTGRES_USER, POSTGRES_PASSWORD.

mysql

Configured via MYSQL_HOST, MYSQL_DATABASE, MYSQL_USER, MYSQL_PASSWORD.

oracle

Configured via ORACLE_DSN, ORACLE_USER, ORACLE_PASSWORD.

vertica

Configured via VERTICA_HOST, VERTICA_DATABASE, VERTICA_USER, VERTICA_PASSWORD.

Integration tools

azure_devops

Work item operations for Azure DevOps. Enabled when AZURE_DEVOPS_ORG and AZURE_DEVOPS_PAT environment variables are set.

ParameterTypeDescription
operationstringOperation name (required)
projectstringProject name (defaults to AZURE_DEVOPS_PROJECT)
wiqlstringWIQL query for search
work_item_idintegerWork item ID for get, update, add_comment
work_item_typestringType for create (e.g., “Bug”, “Task”)
titlestringTitle for create
commentstringComment text
fieldsdictFields for create or update
target_work_item_idintegerTarget for link
link_typestringparent, child, related, predecessor, successor
topintegerMax results for search

Read-only operations: search, get, get_comments, get_history, list_projects

Mutation operations (blocked when AZURE_DEVOPS_READONLY=true): create, add_comment, update, link

Delegation tool

delegate

Spawn a child agent to execute a focused subtask. See Architecture for details on multi-agent coordination.

ParameterTypeDescription
instructionstringTask description for the child agent (required)
full_contextbooleanCopy parent conversation history to child

The child agent inherits the parent’s profile, model, and working directory. Delegation is single-level — child agents cannot delegate further. Parent cancellation propagates to children automatically.